Plaintext passwords accidentally recorded in internal Github logs
Github has informed some of its users via email that, in one of their regular security auditing, they have found a bug in their password reset functionality that caused the credentials of these users to be dumped into their secure internal logs without any encryption.
Github requests that affected users have to reset their passwords and informs that passwords have only been exposed internally, so they should not have fallen into the wrong hands.
References:
- 01/05/2018 bleepingcomputer.com GitHub Accidentally Recorded Some Plaintext Passwords in Its Internal Logs
- 02/05/2018 redeszone.net GitHub ha estado guardando contraseñas en texto plano por error; esto es lo que debes hacer
- 02/05/2018 infosecurity-magazine.com Plaintext Password Problem for Some GitHub Users
Tags: